Virtual processing environments often include one or more virtual machines (VMs) operating within a virtualization layer that in turn operates within a VM host server. Generic virtual interfaces have been developed to facilitate communications with such VMs and to allow VMs to migrate from one VM host server to another. Virtio is one generic virtual interface that has been developed for Linux-based systems and related virtualization layers. Virtio-PCI is a virtual PCI (peripheral component interface) interface that is part of the Virtio virtual interface and can be used to communicate with applications running within VMs. Virtio-PCI virtual interfaces are designed as stateless interfaces. As such, when a VM including a Virtio-PCI based emulated device is migrated from one platform to another: (1) the Virtio-PCI device can continue to work seamlessly, and (2) processing can be resumed without any disruption in a service that is implemented using the Virtio-PCI virtual interface. However, this operation requires that the Virtio-PCI based emulated device be stateless, so that Virtio backend drivers on the new VM host server can continue processing requests associated with the migrated VM.
Security processing for network communications is used in a variety of environments. Security processing acceleration is used where certain security tasks for security applications are performed by separate security engines to improve processing efficiency. For security processing acceleration, a security context is typically created within the hardware accelerator by providing security parameters such as security protocols, security keys, security processing algorithms, and/or other security information during connection setup. This security context creates a stateful solution as the hardware accelerator keeps track of the security context as an initialization vector. This security information can also be cached as part of the hardware security context in order to avoid having to pass the same security parameters (e.g., security protocol, security keys, security processing algorithms, etc.) with every processing request.
However, where security processing acceleration is desired for virtual processing environments using stateless virtual interfaces, such as Virtio-PCI, the stateful tracking of the hardware security context does not work when VMs migrate to new VM host servers. For example, assuming a VM includes a security application that is using a security engine within the VM host server for security processing acceleration, the security application will pass security parameters (e.g., security protocol, security key, security processing algorithms, etc.) along with data for the security processing operations through a Virtio-PCI frontend driver to a Virtio-PCI backend driver within the VM host server. If it is assumed that the VM will not migrate from the VM host server, these security parameters need not be passed to the backend driver along with every processing request. However, to support live migration of the VM to other VM host servers, these security parameters would need to be passed along to the backend drivers with every packet to be processed because the Virtio-PCI virtual interface is stateless. Without passing these security parameters in each request, a security engine within the new VM host server would not have the security context information it needs to perform the security processing.
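The migration problem described above can be modelled in a few lines. This is an added example, not part of the original document: the class, field and handle names are hypothetical, the key and packet are constructed sample values, and HMAC-SHA256 stands in for the hardware security engine.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class SecParams:
    """Security parameters the page lists (field names are hypothetical)."""
    protocol: str
    algorithm: str
    key: bytes

class Backend:
    """Backend driver plus security engine on one VM host server (a model)."""
    def __init__(self, name):
        self.name = name
        self._contexts = {}  # handle -> SecParams; exists only on this host

    def setup_context(self, handle, params):
        # Stateful path: parameters are cached once at connection setup.
        self._contexts[handle] = params

    def process_stateful(self, handle, data):
        # Request carries only a handle; fails if this host never saw setup.
        if handle not in self._contexts:
            raise LookupError(f"{self.name}: no security context for handle {handle}")
        return self._engine(self._contexts[handle], data)

    def process_stateless(self, params, data):
        # Request carries the full parameters, so any host can serve it.
        return self._engine(params, data)

    @staticmethod
    def _engine(params, data):
        # Stand-in for the hardware security engine: HMAC over the packet.
        return hmac.new(params.key, data, params.algorithm).digest()

def migrate_and_process(packet=b"constructed packet"):
    params = SecParams("constructed-proto", "sha256", b"constructed-key-0123456789")
    host_a, host_b = Backend("host-a"), Backend("host-b")
    host_a.setup_context(1, params)
    before = host_a.process_stateful(1, packet)
    # The VM migrates here: host_b has no cached context for handle 1.
    try:
        host_b.process_stateful(1, packet)
        stateful_survives = True
    except LookupError:
        stateful_survives = False
    after = host_b.process_stateless(params, packet)
    return stateful_survives, before == after
```

`migrate_and_process()` returns `(False, True)`: the handle-only request fails on the new host, while the request that carries its own parameters yields the same result the original host produced.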